diff --git a/content/posts/qubes/Firewalling with MirageOS on Qubes OS.md b/content/posts/qubes/Firewalling with MirageOS on Qubes OS/index.md similarity index 98% rename from content/posts/qubes/Firewalling with MirageOS on Qubes OS.md rename to content/posts/qubes/Firewalling with MirageOS on Qubes OS/index.md index fa0646a..3f226f5 100644 --- a/content/posts/qubes/Firewalling with MirageOS on Qubes OS.md +++ b/content/posts/qubes/Firewalling with MirageOS on Qubes OS/index.md @@ -5,7 +5,7 @@ tags: ['Operating Systems', 'MirageOS', 'Qubes OS', 'Security'] author: Tommy --- -![MirageOS](/images/mirageos.png) +![MirageOS](mirageos.png) [MirageOS](https://mirage.io/) is a library operating system with which you can create a unikernel for the sole purpose of acting as Qubes OS's firewall. In this post, I will walk you through how to set this up. diff --git a/static/images/mirageos.png b/content/posts/qubes/Firewalling with MirageOS on Qubes OS/mirageos.png similarity index 100% rename from static/images/mirageos.png rename to content/posts/qubes/Firewalling with MirageOS on Qubes OS/mirageos.png diff --git a/content/posts/qubes/Using IVPN on Qubes OS.md b/content/posts/qubes/Using IVPN on Qubes OS/index.md similarity index 97% rename from content/posts/qubes/Using IVPN on Qubes OS.md rename to content/posts/qubes/Using IVPN on Qubes OS/index.md index ae344a4..a2d1af0 100644 --- a/content/posts/qubes/Using IVPN on Qubes OS.md +++ b/content/posts/qubes/Using IVPN on Qubes OS/index.md 
@@ -5,7 +5,7 @@ tags: ['Applications', 'Qubes OS', 'Privacy'] author: Tommy --- -![IVPN](/images/ivpn.png) +![IVPN](ivpn.png) IVPN is a fairly popular and generally trustworthy VPN provider. In this post, I will walk you through how to use the official IVPN client in a ProxyVM on Qubes OS. We will deviate from the [official guide](https://www.ivpn.net/knowledgebase/linux/ivpn-on-qubes-os/) by using systemd path to handle DNAT. This will provide the same robustness as their approach to modify `/opt/ivpn/etc/firewall.sh`, while avoiding the risk that the modifications will be overwritten by a future app update. We will also be using a TemplateVM for IVPN ProxyVMs instead of using Standalone VMs. @@ -99,7 +99,7 @@ sudo shutdown now Create an AppVM based on the TemplateVM you have just created. Set `sys-firewall` (or whatever FirewallVM you have connected to your `sys-net`) as the net qube. If you do not have such FirewallVM, use `sys-net` as the net qube. Next, go to the advanced tab and tick the `provides network access to other qubes` box. -![Provides Network](/images/provides-network.png) +![Provides Network](provides-network.png) Open the IVPN and select `Settings` → `DNS` → `Force management of DNS using resolv.conf`. @@ -123,5 +123,3 @@ This is not strictly necessary, as I have not observed any leaks with the VPN ki With this current setup, the ProxyVM you have just created will be responsible for handling Firewall rules for the qubes behind it. This is not ideal, as this is still a fairly large VM, and there is a risk that IVPN or some other apps may interfere with its firewall handling. Instead, I highly recommend that you [create a minimal Mirage FirewallVM](/posts/qubes/firewalling-with-mirageos-on-qubes-os/) and use it as a firewall **behind** the IVPN ProxyVM. Other AppVMs then should use the Mirage Firewall as the net qube instead. This way, you can make sure that firewall rules are properly enforced. - -![MirageOS](/images/mirageos.png) 
diff --git a/static/images/ivpn.png b/content/posts/qubes/Using IVPN on Qubes OS/ivpn.png similarity index 100% rename from static/images/ivpn.png rename to content/posts/qubes/Using IVPN on Qubes OS/ivpn.png diff --git a/static/images/provides-network.png b/content/posts/qubes/Using IVPN on Qubes OS/provides-network.png similarity index 100% rename from static/images/provides-network.png rename to content/posts/qubes/Using IVPN on Qubes OS/provides-network.png diff --git a/content/posts/qubes/Using Lokinet on Qubes OS.md b/content/posts/qubes/Using Lokinet on Qubes OS/index.md similarity index 99% rename from content/posts/qubes/Using Lokinet on Qubes OS.md rename to content/posts/qubes/Using Lokinet on Qubes OS/index.md index c3ea569..5e8fa8c 100644 --- a/content/posts/qubes/Using Lokinet on Qubes OS.md +++ b/content/posts/qubes/Using Lokinet on Qubes OS/index.md @@ -5,7 +5,7 @@ tags: ['Applications', 'Qubes OS', 'Anonymity', 'Privacy'] author: Tommy --- -![Lokinet](/images/lokinet.png) +![Lokinet](lokinet.png) [Lokinet](https://lokinet.org) is an Internet overlay network utilizing onion routing to provide anonymity for its users, similar to Tor network. This post will go over how to set it up on Qubes OS. diff --git a/static/images/lokinet.png b/content/posts/qubes/Using Lokinet on Qubes OS/lokinet.png similarity index 100% rename from static/images/lokinet.png rename to content/posts/qubes/Using Lokinet on Qubes OS/lokinet.png diff --git a/content/posts/qubes/Using Mullvad VPN on Qubes OS.md b/content/posts/qubes/Using Mullvad VPN on Qubes OS/index.md similarity index 97% rename from content/posts/qubes/Using Mullvad VPN on Qubes OS.md rename to content/posts/qubes/Using Mullvad VPN on Qubes OS/index.md index 74933d0..944ef3a 100644 --- a/content/posts/qubes/Using Mullvad VPN on Qubes OS.md +++ b/content/posts/qubes/Using Mullvad VPN on Qubes OS/index.md 
@@ -5,7 +5,7 @@ tags: ['Applications', 'Qubes OS', 'Privacy'] author: Tommy --- -![Mullvad VPN](/images/mullvad-vpn.png) +![Mullvad VPN](mullvad-vpn.png) Mullvad is a fairly popular and generally trustworthy VPN provider. In this post, I will walk you through how to use the official Mullvad client in a ProxyVM on Qubes OS. This method is a lot more convenient than the [official guide](https://mullvad.net/en/help/qubes-os-4-and-mullvad-vpn/) from Mullvad (which recommends that you manually load in OpenVPN or Wireguard profiles) and will let you seamlessly switch between different location and network setups just as you would on a normal Linux installation. @@ -82,7 +82,7 @@ sudo shutdown now Create an AppVM based on the TemplateVM you have just created. Set `sys-firewall` (or whatever FirewallVM you have connected to your `sys-net`) as the net qube. If you do not have such FirewallVM, use `sys-net` as the net qube. Next, go to the advanced tab and tick the `provides network access to other qubes` box. -![Provides Network](/images/provides-network.png) +![Provides Network](provides-network.png) Open the Mullvad VPN app. Go to `Settings` → `VPN settings` and toggle `Local network sharing`. Due to some strange interaction between qubes services and Mullvad VPN, certain apps will get internet connections while others do not if this toggle is not enabled. This toggle will **not** actually allow AppVMs connected to the ProxyVM to connect to the local network. 
@@ -104,5 +104,3 @@ This is not strictly necessary, as I have not observed any leaks with the VPN ki With this current setup, the ProxyVM you have just created will be responsible for handling Firewall rules for the qubes behind it. This is not ideal, as this is still a fairly large VM, and there is a risk that Mullvad or some other apps may interfere with its firewall handling. Instead, I highly recommend that you [create a minimal Mirage FirewallVM](/posts/qubes/firewalling-with-mirageos-on-qubes-os/) and use it as a firewall **behind** the Mullvad ProxyVM. Other AppVMs then should use the Mirage Firewall as the net qube instead. This way, you can make sure that firewall rules are properly enforced. - -![MirageOS](/images/mirageos.png) diff --git a/static/images/mullvad-vpn.png b/content/posts/qubes/Using Mullvad VPN on Qubes OS/mullvad-vpn.png similarity index 100% rename from static/images/mullvad-vpn.png rename to content/posts/qubes/Using Mullvad VPN on Qubes OS/mullvad-vpn.png diff --git a/content/posts/qubes/Using Mullvad VPN on Qubes OS/provides-network.png b/content/posts/qubes/Using Mullvad VPN on Qubes OS/provides-network.png new file mode 100644 index 0000000..ff46f33 Binary files /dev/null and b/content/posts/qubes/Using Mullvad VPN on Qubes OS/provides-network.png differ diff --git a/content/posts/qubes/Using Split GPG and Split SSH on Qubes OS.md b/content/posts/qubes/Using Split GPG and Split SSH on Qubes OS/index.md similarity index 97% rename from content/posts/qubes/Using Split GPG and Split SSH on Qubes OS.md rename to content/posts/qubes/Using Split GPG and Split SSH on Qubes OS/index.md index 0150dab..f286114 100644 --- a/content/posts/qubes/Using Split GPG and Split SSH on Qubes OS.md +++ b/content/posts/qubes/Using Split GPG and Split SSH on Qubes OS/index.md 
@@ -5,7 +5,7 @@ tags: ['Operating Systems', 'Qubes OS', 'Security'] author: Tommy --- -![Split GPG & SSH](/images/split-gpg-ssh.png) +![Split GPG & SSH](split-gpg-ssh.png) This post will go over setting up Split GPG, then setting up Split SSH with the same PGP keys. Effectively, we are emulating what you can do with a PGP smartcard on Qubes OS. @@ -28,7 +28,7 @@ This part is based on the Qubes Community's [guide](https://forum.qubes-os.org/t - Get your keygrip with `gpg --with-keygrip -k` - Add your keygrip to the end of `~/.gnupg/sshcontrol` -![PGP Keygrip](/images/keygrip.png) +![PGP Keygrip](keygrip.png) ### In `vault`'s TemplateVM diff --git a/static/images/keygrip.png b/content/posts/qubes/Using Split GPG and Split SSH on Qubes OS/keygrip.png similarity index 100% rename from static/images/keygrip.png rename to content/posts/qubes/Using Split GPG and Split SSH on Qubes OS/keygrip.png diff --git a/static/images/split-gpg-ssh.png b/content/posts/qubes/Using Split GPG and Split SSH on Qubes OS/split-gpg-ssh.png similarity index 100% rename from static/images/split-gpg-ssh.png rename to content/posts/qubes/Using Split GPG and Split SSH on Qubes OS/split-gpg-ssh.png
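Review bot: `provides-network.png` ends up stored twice. The IVPN bundle receives it as a 100% rename from `static/images/provides-network.png`, while the Mullvad bundle adds a separate copy as a new binary file (`new file mode 100644`, `index 0000000..ff46f33`). If both posts are meant to show the same screenshot, say so in the commit message so that a later update to the image is applied to both copies, or keep a single shared copy and reference it from both posts.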
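Review bot: The closing hunks of the IVPN post (`@@ -123,5 +123,3`) and the Mullvad post (`@@ -104,5 +104,3`) delete the trailing `![MirageOS](/images/mirageos.png)` instead of re-pointing it, which is a content change inside a commit that otherwise only moves files and rewrites image paths. Because `static/images/mirageos.png` is moved into the MirageOS post's directory in this same patch, the old absolute path would no longer resolve, so the removal is probably deliberate. State that in the commit message, and search the rest of the content tree for any remaining `/images/...` references to the files moved here (`mirageos.png`, `ivpn.png`, `lokinet.png`, `mullvad-vpn.png`, `keygrip.png`, `split-gpg-ssh.png`, `provides-network.png`), since nothing in this diff shows that the references updated here are the only ones.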
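Review bot: Both VPN posts keep the absolute link `/posts/qubes/firewalling-with-mirageos-on-qubes-os/` in unchanged context, while its target moves from `Firewalling with MirageOS on Qubes OS.md` to `Firewalling with MirageOS on Qubes OS/index.md`. Nothing in the patch shows how the published URL is derived from the new directory name, so build the site locally and confirm that the moved posts still render at their previous URLs before merging. Otherwise this internal link and any external links to the five renamed posts will break.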